Sat, Aug
65 New Articles

Cybercrime: The Road Begins

Cybercrime: The Road Begins

  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

Each year hundreds of billions of dollars are lost by companies due to cybercrimes committed by criminals. These attacks vary from sophisticated hacking to primitive fraud attempts. 

However, with the right preparation and countermeasures in place, companies can prevent certain types of cyberattacks, or at least mitigate the associated losses. 

Recent Examples

With increasing frequency, perpetrators are hacking employee email accounts (typically those belonging to the person responsible for payments in the company’s name) by sending a message from a specially-created email address differing only by one or two characters from the email address of an actual company business partner. The email contains a request that payments due to the business partner be wired to a new Hungarian (or other) bank account provided in the email sent from the fake email address. Unless the targeted employee notices the deception, he or she may well wire the funds to that new bank account. After payment, another perpetrator will carry out different money laundering operations, like transferring the fraudulently-acquired money to another bank account, often outside of the EU. Finally, with the help of “stooges,” the perpetrators can withdraw the wired money from the account in cash. 

Another type of cybercrime is committed by hackers who break into a company’s IT system and extract a part of or an entire database. As a next step, they send an email or other message to a company executive or other responsible person demanding the transfer of funds (or more recently, bitcoins), threatening to disclose the illegally-obtained data to the public on the Internet if they do not receive payment. In some instances, hackers have carried through with their threats when funds were not credited in line with their demands, causing huge reputational and other losses to companies.

Potential Prevention or Defence Options 

Preventing the first type of attack is much easier than recovering lost assets. Companies must bring these types of crimes to the attention of the personnel responsible for accounting, finance, and IT systems by organizing internal trainings and requiring that payment of funds be made only by the book (e.g., for all changes in bank accounts, a phone confirmation or other confirmation method should apply) and creating effective internal validation processes. Should such an attack take place, time is of the essence. In our experience, if a company acts quickly in filing a police report and asking for the relevant bank accounts to be frozen, there is a chance that at least some amounts can be recovered.

The second type is more difficult to prevent. Many companies spend excessive amounts of money on IT – especially IT security – but the sufficiency of such systems can only be truly measured when an attack occurs, as even less-developed IT systems are likely to detect an attempt. After a successful attack, it is very difficult to move forward quickly. Therefore, all companies should have a strategy in place to make sure that losses, if they occur, are minimized to the extent possible. 

It appears that transferring money to Hungarian bank accounts is extremely popular among the perpetrators of such cybercrimes, which brings up the question of how regulations concerning the opening of bank accounts and wire transfer operations can be tightened or weak points of the system detected. 

Cybercrimes have also caught the attention of the authorities. On April 15, 2013 Hungary established the National Cyber Security Center to fight such crimes, and at a European level the Directive on Security of Network and Information Systems was adopted in 2016 to strengthen cooperation between authorities. In addition, the rules of the General Data Protection Regulation (GDPR), which comes into force on May 25, 2018, also contain mandatory measures for companies. The GDPR will require companies to implement appropriate security measures to protect personal data processing operations, to carry out data protection impact assessments in connection with high-risk personal data processing (e.g., if the company is likely to be a target of cyber criminals) and, once an incident (cybercrime) occurs, to notify the local data protection officer within 72 hours.

Akos Nagy, Partner, and Aron Barta, Associate, Kinstellar

This Article was originally published in Issue 4.9 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

Hungary Knowledge Partner

Nagy és Trócsányi was founded in 1991, turned into limited professional partnership (in Hungarian: ügyvédi iroda) in 1992, with the aim of offering sophisticated legal services. The firm continues to seek excellence in a comprehensive and modern practice, which spans international commercial and business law. 

The firm’s lawyers provide clients with advice and representation in an active, thoughtful and ethical manner, with a real understanding of clients‘ business needs and the markets in which they operate.

The firm is one of the largest home-grown independent law firms in Hungary. Currently Nagy és Trócsányi has 26 lawyers out of which there are 8 active partners. All partners are equity partners.

Nagy és Trócsányi is a legal entity and registered with the Budapest Bar Association. All lawyers of the Budapest office are either members of, or registered as clerks with, the Budapest Bar Association. Several of the firm’s lawyers are admitted attorneys or registered as legal consultants in New York.

The firm advises a broad range of clients, including numerous multinational corporations. 

Our activity focuses on the following practice areas: M&A, company law, litigation and dispute resolution, real estate law, banking and finance, project financing, insolvency and restructuring, venture capital investment, taxation, competition, utilities, energy, media and telecommunication.

Nagy és Trócsányi is the exclusive member firm in Hungary for Lex Mundi – the world’s leading network of independent law firms with in-depth experience in 100+countries worldwide.

The firm advises a broad range of clients, including numerous multinational corporations. Among our key clients are: OTP Bank, Sberbank, Erste Bank, Scania, KS ORKA, Mannvit, DAF Trucks, Booking.com, Museum of Fine Arts of Budapest, Hungarian Post Pte Ltd, Hiventures, Strabag, CPI Hungary, Givaudan, Marks & Spencer, CBA.

Firm's website.

Our Latest Issue